1. Information We Collect

We collect information that you provide directly and data generated automatically through your use of our services:

2. IP Geolocation & Country Detection

When you first visit REMITNIX, we automatically detect your country using IP-based geolocation. This is essential for providing you with the correct currency, exchange rates, payment methods, and available services.

• What we collect: Your IP address is sent to a third-party geolocation service (ip-api.com) to determine your country. Only country-level data is returned — no precise GPS coordinates, city, or street-level location is collected.
• How it is stored: The detected country code (e.g., "IN" for India) is stored in your browser session cookie and, upon registration, saved to your user profile.
• Fallback behavior: If geolocation fails or your country is not supported, India (IN) is used as the default.
• Your control: You can change your country at any time using the Preferences selector in the navigation menu. Your manual choice always overrides auto-detection.
• Third-party providers: ip-api.com (primary), with fallbacks to IpInfo, GeoPlugin, and Ip2Location. These providers receive only your IP address and return only country-level data.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services including bill payments, recharges, remittance, and travel bookings
• Process transactions and send related notifications (email, SMS, in-app)
• Route you to the correct country-specific services, currency, and exchange rates
• Verify your identity as required by applicable financial regulations (KYC/AML/CFT)
• Detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities
• Monitor transactions for suspicious patterns as required by AML regulations
• Communicate with you about service updates, promotions, and customer support
• Generate anonymized, aggregated analytics to improve the platform
• Comply with legal obligations and respond to lawful requests from regulatory and law enforcement authorities

4. Information Sharing & Partners

We do not sell your personal information. We share data only with the following categories of partners, and only to the extent necessary:

• IME Remit (Remittance Partner) — Receives sender/receiver name, amount, and identity data necessary to process India–Nepal money transfers. Licensed by Nepal Rastra Bank.
• Khalti by IME (Utility Partner) — Receives transaction details (bill account numbers, amounts, service identifiers) necessary to process Nepal utility payments, recharges, and travel bookings.
• Cashfree Payments (Payment Gateway) — Receives payment details to process wallet top-ups and collections. PCI-DSS Level 1 compliant. Card data is processed directly by Cashfree and never stored on REMITNIX servers.
• DIDIT (KYC Provider) — Receives identity documents and biometric data (selfie) for verification. Data is processed under strict data protection agreements.
• IP Geolocation Providers (ip-api.com, IpInfo, GeoPlugin) — Receive your IP address to determine your country. No personal data beyond IP is shared.
• Cloud & Infrastructure — Hosting, email delivery (SMTP), and SMS providers who process data on our behalf under strict confidentiality and data processing agreements.
• Legal & Regulatory — When required by law, court order, subpoena, or government/regulatory request. We may also disclose data to FIU-IND (Financial Intelligence Unit) as required by the PMLA, 2002.

5. Data Security

We implement industry-standard security measures to protect your data:

• All data in transit is encrypted using TLS 1.2+ / SSL (HTTPS enforced)
• Sensitive data at rest is encrypted using AES-256 encryption
• Payment card information is never stored on our servers — processed directly by Cashfree (PCI-DSS Level 1 compliant)
• Passwords are hashed using bcrypt with per-user salts
• Access to personal data is restricted to authorized employees on a need-to-know basis
• CSRF protection is enabled on all forms and state-changing requests
• Regular security audits and vulnerability assessments are conducted
• Suspicious login attempts and unusual transaction patterns trigger automated alerts

6. Cookies & Tracking

We use only essential cookies required for the Platform to function:

• Session Cookie: Maintains your login session and authentication state.
• Country Preference: Stores your selected country so we can route you to the correct services and currency.
• Language Preference: Stores your language choice (English or Nepali).
• CSRF Token: Protects against cross-site request forgery attacks.

We do not use third-party advertising cookies, tracking pixels, or behavioral targeting tools. We may use basic server-side analytics to understand service usage patterns — this data is anonymized and aggregated.

7. Data Retention

• Account Data: Retained for as long as your account is active.
• Transaction Records: Retained for a minimum of 7 years as required by financial regulations (PMLA 2002, RBI guidelines).
• KYC Documents: Retained for a minimum of 5 years after account closure as required by AML regulations.
• Support Messages: Retained for 3 years for quality assurance and dispute resolution.
• IP/Session Logs: Retained for 90 days for security and fraud investigation purposes.

After account deletion, we may retain certain data as required by law or for legitimate business purposes (fraud prevention, legal compliance, dispute resolution). All retained data continues to be protected under this Privacy Policy.

8. Your Rights

Depending on your location and applicable data protection laws, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your data (subject to legal retention requirements and active wallet balances).
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing of your data for certain purposes.
• Withdraw Consent: Withdraw previously given consent for optional data processing (e.g., promotional emails).

To exercise any of these rights, please contact us at privacy@remitnix.com or via our Contact Page. We will respond within 30 days.

9. International Data Transfers

As we serve Users in 14 countries, your data may be transferred to and processed in countries other than your own — primarily India (where our servers and team are based) and Nepal (where our service partners IME Remit and Khalti by IME operate).

We ensure appropriate safeguards are in place for all international data transfers, including data processing agreements with all partners, encryption of data in transit, and compliance with applicable data protection regulations in each jurisdiction.

10. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will immediately delete such information and suspend the associated account. If you believe a child has registered on our Platform, please contact us immediately.

11. Changes to This Policy & Contact

We may update this Privacy Policy from time to time. If a revision is material, we will notify you via email or in-app notification at least 14 days before the changes take effect. The "Effective Date" at the top of this page reflects the most recent update.

If you have any questions or concerns about this Privacy Policy, please contact us:

• Email: privacy@remitnix.com
• Support: Contact Us
• Data Protection Officer: REMITNIX Pvt. Ltd., India